CompTIA SY0-601 Online Practice Questions and Exam Preparation
SY0-601 Exam Details
Exam Code: SY0-601
Exam Name: CompTIA Security+
Certification: CompTIA Certifications
Vendor: CompTIA
Total Questions: 1334 Q&As
Last Updated: May 26, 2026
CompTIA SY0-601 Online Questions & Answers
Question 101:
A security administrator is reviewing reports about suspicious network activity occurring on a subnet. Users on the network report that connectivity to various websites is intermittent. The administrator logs in to a workstation and reviews the following command output:
Which of the following best describes what is occurring on the network?
A. ARP poisoning B. On-path attack C. URL redirection D. IP address conflicts
A. ARP poisoning. ARP poisoning is a type of attack where an attacker sends false ARP messages to a network to associate their own MAC address with the IP addresses of other devices. This allows the attacker to intercept, modify, or block the network traffic intended for those devices. The command output shows the same MAC address is associated with multiple IP addresses on the network, which is a sign of ARP poisoning. The attacker is likely using this technique to perform a man-in-the-middle attack and disrupt the network connectivity of the users.
Question 102:
A nuclear plant was the victim of a recent attack, and all the networks were air gapped. A subsequent investigation revealed a worm as the source of the issue. Which of the following BEST explains what happened?
A. A malicious USB was introduced by an unsuspecting employee. B. The ICS firmware was outdated C. A local machine has a RAT installed. D. The HVAC was connected to the maintenance vendor.
A. A malicious USB was introduced by an unsuspecting employee.
Question 103:
Which of the following BEST describes the method a security analyst would use to confirm a file that is downloaded from a trusted security website is not altered in transit or corrupted using a verified checksum?
A. Hashing B. Salting C. Integrity D. Digital signature
A. Hashing. Explanation/Reference: File verification, also known as hashing, is the process of checking that a file you have on your machine is identical to the source file... When you hash a file, you are left with a checksum, a random alphanumeric string with a set length. Hashing a file doesn't encrypt the file and you can't take a checksum and run it back through an algorithm to get the original source file.
Question 104:
A security analyst reports a company policy violation in a case in which a large amount of sensitive data is being downloaded after hours from various mobile devices to an external site. Upon further investigation, the analyst notices that successful login attempts are being conducted with impossible travel times during the same time periods when the unauthorized downloads are occurring. The analyst also discovers a couple of WAPs are using the same SSID, but they have non-standard DHCP configurations and an overlapping channel. Which of the following attacks is being conducted?
A. Evil twin B. Jamming C. DNS poisoning D. Bluesnarfing E. DDoS
A. Evil twin
Question 105:
An attacker tricks a user into providing confidential information. Which of the following describes this form of malicious reconnaissance?
A. Phishing B. Social engineering C. Typosquatting D. Smishing
B. Social engineering. In this case, both options, phishing and social engineering, could be considered correct answers. Phishing is a type of social engineering attack that involves impersonating a trustworthy entity to solicit personal information from the victim. Therefore, the act of an attacker tricking a user into providing confidential information is an example of a phishing attack, which is a type of social engineering attack. However, if the question specifically asks for the broader term that refers to the use of psychological manipulation to trick users into making security mistakes or giving away sensitive information, then social engineering would be the correct answer.
Question 106:
A company is considering transitioning to the cloud. The company employs individuals from various locations around the world. The company does not want to increase its on-premises infrastructure blueprint and only wants to pay for additional compute power required. Which of the following solutions would BEST meet the needs of the company?
A. Private cloud B. Hybrid environment C. Managed security service provider D. Hot backup site
B. Hybrid environment A hybrid environment is a cloud computing model that combines on-premises infrastructure with a cloud infrastructure. This type of solution would allow the company to retain control over some of its infrastructure while also taking advantage of the flexibility and scalability of the cloud. This would allow the company to pay for additional compute power as needed and avoid the need to increase its on-premises infrastructure. A private cloud is a cloud infrastructure that is operated solely for a single organization. It is not suitable for a company with employees located around the world because it does not provide the flexibility and scalability of a public cloud. A managed security service provider is a third-party that provides security services to an organization. It is not directly related to the company's need to transition to the cloud. A hot backup site is a backup site that is always active and ready to take over in the event of a disaster. It is not related to the company's need to transition to the cloud.
Question 107:
Which of the following prevents an employee from seeing a colleague who is visiting an inappropriate website?
A. Job rotation policy B. NDA C. AUP D. Separation of duties policy
C. AUP
"Which of the following prevents an employee from visiting an inappropriate website" ... which would somewhat make more sense. An acceptable use policy (AUP) is a document that outlines the rules and restrictions employees must follow in regard to the company's network, software, internet connection and devices. The employee shouldn't access the inappropriate website as it would go against proper use of the company network.
Helpful Info I Guess
NDA (Non-disclosure agreement) - a binding contract between two or more parties that prevents sensitive information from being shared with others.
Separation of Duty - refers to the principle that no user should be given enough privileges to misuse the system on their own.
Job rotation - A concept that has employees rotate through different jobs to learn the procedures and processes in each. From a security perspective, job rotation helps to prevent or expose dangerous shortcuts or even fraudulent activity.
Question 108:
Which of the following disaster recovery sites is the most cost effective to operate?
A. Warm site B. Cold site C. Hot site D. Hybrid site
B. Cold site
Question 109:
A company's bank has reported that multiple corporate credit cards have been stolen over the past several weeks. The bank has provided the names of the affected cardholders to the company's forensics team to assist in the cyber-incident investigation.
An incident responder learns the following information:
The timeline of stolen card numbers corresponds closely with affected users making Internet-based purchases from diverse websites via enterprise desktop PCs.
All purchase connections were encrypted, and the company uses an SSL inspection proxy for the inspection of encrypted traffic of the hardwired network.
Purchases made with corporate cards over the corporate guest WiFi network, where no SSL inspection occurs, were unaffected.
Which of the following is the MOST likely root cause?
A. HTTPS sessions are being downgraded to insecure cipher suites B. The SSL inspection proxy is feeding events to a compromised SIEM C. The payment providers are insecurely processing credit card charges D. The adversary has not yet established a presence on the guest WiFi network
B. The SSL inspection proxy is feeding events to a compromised SIEM. Explanation/Reference: The purchases are only getting affected from systems where SSL inspection is occurring. It's fine on all others. It can't be an HTTPS downgrade as that wouldn't be specific to the SSL inspection.
Question 110:
An accounting intern receives an invoice via email from the Chief Executive Officer (CEO). In the email, the CEO demands the immediate release of funds to the bank account that is listed. Which of the following principles best describes why this attack might be successful?
A. Authority B. Scarcity C. Consensus D. Familiarity